Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/81hEgznyRnqjfzJ_EsCS5skEh34.roa
File:                     81hEgznyRnqjfzJ_EsCS5skEh34.roa (raw, json)
Hash identifier:          znTmkKqDSPWEXB86K0Qx4EWh2KLiauHlLZ2/0Xv+5js=
Subject key identifier:   F3:58:44:83:39:F2:46:7A:A3:7F:32:7F:12:C0:92:E6:C9:04:87:7E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C0424645083983FC6871D3CEE8AB03C9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/81hEgznyRnqjfzJ_EsCS5skEh34.roa
Signing time:             Thu 27 Apr 2023 01:09:41 +0000
ROA not before:           Thu 27 Apr 2023 01:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c0:42:46:45:08:39:83:fc:68:71:d3:ce:e8:ab:03:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 27 01:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f358448339f2467aa37f327f12c092e6c904877e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dd:0b:7f:89:70:0e:7d:bf:ee:d3:21:d2:b8:
                    86:58:40:dd:92:c9:0f:2e:c1:a0:e4:6e:0b:66:e4:
                    7d:b7:0d:61:4e:8e:4b:10:1b:93:cf:4e:b7:d0:1b:
                    8b:c0:9c:61:7f:ed:c4:12:33:c1:fa:96:a4:fa:93:
                    62:68:bc:c8:c8:96:c0:e5:6e:f4:a9:75:78:a0:9d:
                    df:cb:a1:eb:ae:b8:4f:ab:94:01:35:48:bb:31:ff:
                    4c:28:68:1a:2e:7e:2a:65:df:cb:74:ed:ca:a6:88:
                    a1:73:57:25:b2:4c:37:84:80:dd:5e:2b:29:5a:16:
                    9f:5f:d6:d7:1c:d5:3d:3b:4a:2e:ef:34:20:aa:7e:
                    10:ca:61:c1:82:ea:2d:53:26:0a:1a:d1:75:7c:80:
                    63:0a:22:f9:65:a7:01:e0:4d:bc:c2:ef:8f:b8:aa:
                    3b:37:66:35:31:c2:d0:d3:03:c0:9b:ba:6a:14:0f:
                    33:f7:e1:20:13:13:45:9d:4e:36:32:23:7b:f5:83:
                    df:8a:09:0a:f2:fd:46:e3:9c:4c:40:d0:5b:00:a7:
                    e4:96:98:a3:04:94:9a:1e:1e:d3:b9:84:35:a3:39:
                    fc:f8:ed:44:8a:56:e3:51:82:ab:e7:3a:62:4d:98:
                    ff:2f:ef:23:05:74:44:61:d5:3e:be:44:2b:5a:b3:
                    82:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:58:44:83:39:F2:46:7A:A3:7F:32:7F:12:C0:92:E6:C9:04:87:7E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/81hEgznyRnqjfzJ_EsCS5skEh34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:df:24:9a:f0:c3:42:8d:76:be:ae:e6:0f:77:98:ce:bf:42:
         b3:0f:64:11:1c:63:1b:b0:07:29:d8:a0:f6:73:54:d8:56:fc:
         24:d6:62:fd:1c:c3:a6:6c:f1:35:e9:3c:1d:00:ac:98:3b:01:
         0d:c0:9d:17:69:9e:74:f3:2f:fa:05:01:24:19:f8:cd:00:4c:
         3e:9e:08:6b:51:f5:5e:a6:3e:39:35:f0:40:77:36:09:a7:c0:
         a4:6e:ae:e2:a1:fe:08:52:fa:08:d4:54:54:f4:c6:18:c1:5e:
         cd:8a:cf:ba:03:5d:ae:e1:58:71:b9:ef:bf:74:5f:d8:85:6f:
         8c:21:44:50:72:02:70:f9:de:7e:fc:8a:0c:fa:2f:6d:54:ae:
         dd:a6:32:e8:01:82:30:45:a7:46:fd:b0:e1:9a:36:93:71:71:
         fa:4f:56:65:3c:62:cf:2e:b3:0e:54:26:64:cb:a0:a2:be:ce:
         22:f1:52:df:64:5a:99:1a:8a:ab:17:d0:db:ca:bc:43:1c:a4:
         97:fb:65:5c:08:7a:1d:68:8c:3f:74:0a:57:fb:c4:7e:d2:a7:
         41:09:86:4d:ae:bb:df:d2:5d:5c:22:6f:ff:06:3c:68:38:95:
         6f:d6:98:29:bf:70:41:0f:42:11:49:44:64:e3:e9:e0:65:08:
         90:0a:05:00
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfAQkZFCDmD/Ghx087oqwPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI3MDEwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzU4NDQ4MzM5ZjI0NjdhYTM3ZjMyN2YxMmMwOTJlNmM5MDQ4NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN0Lf4lwDn2/7tMh0riGWEDdkskP
LsGg5G4LZuR9tw1hTo5LEBuTz0630BuLwJxhf+3EEjPB+pak+pNiaLzIyJbA5W70
qXV4oJ3fy6HrrrhPq5QBNUi7Mf9MKGgaLn4qZd/LdO3Kpoihc1clskw3hIDdXisp
WhafX9bXHNU9O0ou7zQgqn4QymHBguotUyYKGtF1fIBjCiL5ZacB4E28wu+PuKo7
N2Y1McLQ0wPAm7pqFA8z9+EgExNFnU42MiN79YPfigkK8v1G45xMQNBbAKfklpij
BJSaHh7TuYQ1ozn8+O1EilbjUYKr5zpiTZj/L+8jBXREYdU+vkQrWrOC7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPNYRIM58kZ6o38yfxLAkubJBId+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvODFoRWd6bnlSbnFqZnpKX0VzQ1M1c2tFaDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD/fJJrww0KNdr6u5g93
mM6/QrMPZBEcYxuwBynYoPZzVNhW/CTWYv0cw6Zs8TXpPB0ArJg7AQ3AnRdpnnTz
L/oFASQZ+M0ATD6eCGtR9V6mPjk18EB3NgmnwKRuruKh/ghS+gjUVFT0xhjBXs2K
z7oDXa7hWHG57790X9iFb4whRFByAnD53n78igz6L21Urt2mMugBgjBFp0b9sOGa
NpNxcfpPVmU8Ys8usw5UJmTLoKK+ziLxUt9kWpkaiqsX0NvKvEMcpJf7ZVwIeh1o
jD90Clf7xH7Sp0EJhk2uu9/SXVwib/8GPGg4lW/WmCm/cEEPQhFJRGTj6eBlCJAK
BQA=
-----END CERTIFICATE-----